4 Answers

To answer your boiled-down question: How insecure is email? Practically speaking, email is subject to attack by DNS spoofing, Wi-Fi interception, and untrusted network administrators, just to name a few.

To mitigate this you need to consider the different aspects that need security. It's likely most companies will fall short in security in at least one of the following areas, so anything you send could be in clear text and visible by someone other than your intended recipient.

Under each facet of security I listed relevant products grouped by how they are technically implemented. Ask yourself these questions based on the content you're sending over email:

Message Sender Verification

Does the recipient need proof that it was you who actually sent the message?

For security auditing email consider the following scenario besides the answers mentioned before:

Should the users be able to open their email at every location? That is, at home, at a public place, in an internet cafe?

If so, consider blocking email attachments in combination with webmail. The problem with email attachments is that they're stored on the local drive when opened from the web. Of course I don't have to explain that this breaches the confidentiality of your data...

This is a real scenario which has happened to multiple businesses I came across when doing an audit.

Sending cleartext email essentially implies you trust every system that passes the email along with the contents - including any and all the servers that may temporarily store or log the email along with all the people managing those same systems. Sending or receiving wirelessly exacerbates the risk.

I tend to want to reduce how many systems and people I need to trust to pass sensitive information (i.e. secure all email which contains sensitive data).

Everything that grants access or gives sensitive information for a possible exploit. This includes cleartext passwords, serial numbers and URLs to persistent private resources (billing documents, certificates, etc.).
IMHO data that needs real-world confirmation is not a problem (an e-ticket, for example), since when you exhibit such a credential to a real-world checker you are also asked for a document.

The key is to send only "one time" valid resources, or to send information on different media (e-ticket by mail and activation number by SMS). This maybe does not solve the security issue, but it mitigates the risk.
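The answer above suggests sending one-time valid resources plus an activation number on a second medium. As an added example (not code from any answer on this page), here is one way to issue and redeem such single-use, expiring tokens in Python; the in-memory store, the one-hour lifetime and the 6-digit activation code are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Added example: one-time, expiring access tokens for a private resource
# (e.g. a billing document) instead of a persistent URL, plus an activation
# code meant to travel on a different channel (SMS in the answer above).
# The in-memory dict store and the TTL below are assumed for illustration.

TOKEN_TTL = 3600  # seconds a token stays valid (assumed value)
_tokens = {}      # sha256(token) -> {"resource", "expires", "used", "code_hash"}


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def issue_link(resource_id: str, now: float = None):
    """Create a single-use token and a short activation code.

    The token goes into the emailed link; the code is sent on a different
    medium. Only hashes are stored server-side, so a leaked store does not
    yield usable tokens or codes.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    code = f"{secrets.randbelow(10**6):06d}"
    _tokens[_digest(token)] = {
        "resource": resource_id,
        "expires": now + TOKEN_TTL,
        "used": False,
        "code_hash": _digest(code),
    }
    return token, code


def redeem(token: str, code: str, now: float = None):
    """Return the resource id exactly once, or None if the token is unknown,
    expired, already used, or the activation code does not match."""
    now = time.time() if now is None else now
    entry = _tokens.get(_digest(token))
    if entry is None or entry["used"] or now > entry["expires"]:
        return None
    # constant-time comparison so the code cannot be guessed via timing
    if not hmac.compare_digest(entry["code_hash"], _digest(code)):
        return None
    entry["used"] = True  # burn the token on first successful use
    return entry["resource"]
```

A redeemed or expired link is worthless to anyone who later reads the mailbox or a relay's logs, which is the risk reduction the answer describes.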